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Attachment 



Reasons for Requesting Pre- Appeal Brief Request For Review 
(no more than five 5 pages may be provided) 

These remarks are hereby filed concurrent with a Pre- Appeal Brief Request for Review, 
following a final Official Action of April 17, 2008, on a Request for Continued Examination 
(RCE) of the present application. The final Office Action continues to reject all of the pending 
claims, namely Claims 1-18, under 35 U.S.C. § 102(e) as being anticipated by U.S. Patent 
Application Publication No. 2004/0078573 to Matsuyama. As explained below, Appellant 
respectfully maintains that the Official Action fails to prima facially reject Claims 2-18, and that 
the claimed invention is patentably distinct from Matsuyama. In view of the remarks presented 
herein, Appellant respectfully requests reconsideration and withdrawal of the rejections of all of 
the pending claims. 

A. Note regarding Claim Construction 

Initially, Appellant notes that in the first and now the final Official Action, the Office has 
failed to provide Appellant with a sufficient claim construction or interpretation of Matsuyama 
so as to enable the Appellant to effectively reply or readily judge the advisability of an appeal. 
See MPEP §§ 706, 706.07. In this regard, as has been recognized by the Board of Patent 
Appeals and Interferences (BPAI), " The Examiner must make specific findings as to claim 
construction ." Ex parte Blankenstein et al., Appeal No. 2007-2872, Application No. 10/1 16,3 12 
(BPAI Aug. 26, 2008); and see Gechter v. Davidson, 1 16 F.3d 1454 (Fed. Cir. 1997) (emphasis 
added). In the instant case, other than quoting or paraphrasing Appellant's claim language with 
annotated citations to figures, or column and line numbers of Matsuyama, the Office provides no 
finding or other explanation regarding Appellant's claims, Matsuyama, or the application of 
Matsuyama to Appellant's claims. 

B. The Examiner fails to Prima Facially Reject Claims 2-18 

Appellant also maintains that the Examiner fails to establish prima facie anticipation or 
obviousness of any of Claims 2-18. As stated in the MPEP, anticipation of the claimed invention 
requires the cited reference to explicitly or inherently teach each and every element of the 



claimed invention. MPEP §2131. Likewise, all of the elements of a claimed invention must be 
taught or suggested by the prior art to establish prima facie obviousness of a claimed invention. 
MPEP § 2143.03 {citing In re Royka, 490 F.2d 981 (CCPA 1974)). In the instant case, however, 
the Examiner fails to allege prior art, including Matsuyama or any other prior art, that teach or 
suggest the limitations of any of Claims 2-18. In fact, the Examiner only substantively considers 
independent Claim 1 . And even if that consideration somehow were also attributed to similar 
independent Claims 7 and 13, Appellant respectfully submits that the Examiner still fails to 
allege prior art that teach or suggest the limitations of any of Claims 2-6, 8-12 and 14-18. 

C. The Claimed Invention is Patentable over Matsuyama 

As indicated above, Claims 1-18 stand rejected as being anticipated by Matsuyama. As 
explained below, however, Appellant respectfully submits that the claimed invention is 
patentably distinct from Matsuyama. 

/. Matsuyama 

Briefly, Matsuyama discloses a remote access system that includes accessible target units 
of a home network, a home gateway serving the home network, and a portable unit carried by the 
user to access the target units. As disclosed, the portable unit may access the target units by 
sending and presenting, to the target units through the home gateway, an attribute certificate 
describing at least a privilege with regard to a resource and information of the home gateway. 

As more particularly disclosed with reference to FIG. 6 (reproduced below) and cited 
against independent Claim 1 of the present application, Matsuyama discloses an attribute 
authority AA providing a role assignment certificate RAAC (shown as certificate AC L ) that 
permits the home gateway to issue a role specification certificate RSAC (shown as certificate 
AC P ) to a portable unit. The RAAC/AC L is owned by the home gateway (described as 
individuals Ml, M2 and M3 - see paragraph 0083, "The home gateway 20, shown in FIG. 6 and 
corresponding to the individuals Ml , M2, and M3 . . ."), and indicates roles to which the home 
gateway belongs. The roles are conceptually privileges, and accordingly, the RSAC/AC P 
indicates the privileges permitted to the respective roles. 




Matsuyama. FIG. 6 

In operation (see at least FIG. 13), once the attribute authority AA has issued a 
RAAC/ACl to the home gateway, and the home gateway in turn has issued a RS AC/ACp to a 
portable unit, the portable unit may access a resource of a target unit by performing a mutual 
authentication with the home gateway using a public-key certificate PKCm assigned to the 
portable unit (by a certification authority CA). The portable unit then submits its RSAC/ACp to 
the home gateway, which in turn, submits it to the target units. The target units receive the 
RSAC/ACp from the home gateway, and verify its content; and if affirmatively verified, permit 
access to their resources from the portable unit. 

2. The Claimed Invention 
In accordance with one aspect of the present invention, as reflected by independent Claim 
1, a system is provided that includes an apparatus, a secondary certification authority (CA) 
processor, a tertiary CA processor and a server. As recited, the apparatus is programmed to 
communicate or facilitate communication within and/or across one or more networks. The 
apparatus is also included within an organization including a plurality of apparatuses, where one 
or more apparatuses have one or more characteristics and are at one or more of a plurality of 
positions within the organization. The organization includes a plurality of secondary CA 
processors programmed to issue role certificates to respective groups of apparatuses of the 



organization, and includes a plurality of tertiary CA processors programmed to issue permission 
certificates to respective sub-groups of apparatuses of the organization. In this regard, the 
secondary CA processor is programmed to provide one or more role certificates to the apparatus 
based upon the position of the apparatus within the organization. The tertiary CA processor, on 
the other hand, is programmed to provide at least one permission certificate to the apparatus 
based upon the characteristics of the respective apparatus. Thus, the server is programmed to 
authenticate the apparatus based upon an identity certificate, the role certificate and the 
permission certificate of the apparatus to thereby determine whether to grant the apparatus access 
to at least one resource of the server. 

3. Distinctions between Matsuyama and the Claimed Invention 
In contrast to independent Claim 1, Matsuyama does not teach or suggest providing both 
a role certificate (based on a position of an apparatus in an organization') and a permission 
certificate (based on a characteristic of the apparatus located at the respective position) to the 
apparatus, and authenticating the apparatus based on both those certificates as well as an identity 
certificate . Matsuyama may disclose multiple certificates including a RAAC/ACl and a 
RSAC/ACp. But nowhere does Matsuyama teach or suggest that these certificates (or any other 
certificates) are provided to an apparatus based on a position of an apparatus in an organization 
and a characteristic of the apparatus located at the respective position, as are the role and 
permission certificates of independent Claim 1. 

Matsuyama may also disclose authenticating a portable unit based on multiple certificates 
including the unit's public-key certificate PKC M and a RSAC/AC P . But nowhere does 
Matsuyama disclose a server that authenticates the portable unit based on role, permission and 
identity certificates, similar to the server of independent Claim 1 . Instead, Matsuyama discloses 
a home gateway authenticating the portable unit based on the public-key certificate PKCm, and a 
target unit authenticating the portable unit based on the RSAC/AC P . And although one could 
argue that the public-key certificate PKCm of Matsuyama corresponds to the recited identity 
certificate, the system of independent Claim 1 still authenticates a terminal based on at least a 
pair of additional certificates, i.e., role and permission certificates. Matsuyama, on the other 
hand, authenticates its portable unit only using one additional certificate (and by a separate 
network entity, i.e., the target unit). 



Appellant therefore respectfully submits that independent Claim 1, and by dependency 
Claims 2-6, is patentably distinct from Matsuyama. Appellant also respectfully submits that 
independent Claims 7 and 13 recite subject matter similar to amended independent Claim 1. For 
example, independent Claims 7 and 13 recite providing a role certificate and a permission 
certificate, and authenticating an apparatus based upon those certificates as well as an identity 
certificate. Accordingly, Appellant respectfully submits that independent Claims 7 and 13, and 
by dependency Claims 8-12 and 14-18, are patentably distinct from Matsuyama for at least the 
same reasons given above with respect to independent Claim 1. 



